Systems and methods for risk awareness using machine learning techniques

ABSTRACT

A method for training and using a machine-learning based model to reduce and troubleshoot incidents in a system may include receiving first metadata regarding a previous modification, extracting a first feature from the received first metadata, receiving second metadata regarding a previous incident, extracting a second feature from the received second metadata, training the machine-learning based model to learn an association between the previous modification and the previous incident, based on the extracted first feature and the extracted second feature, and using the machine-learning based model to determine a risk level for a proposed modification to a system.

TECHNICAL FIELD

Various embodiments of the present disclosure relate generally totraining and using a machine-learning based model to reduce andtroubleshoot incidents in a system and, more particularly, to trainingand using a machine-learning based model to determine a risk level for aproposed modification to a system.

BACKGROUND

Deploying, refactoring, or releasing software code has different kindsof associated risk depending on what code is being changed. Not having aclear view of how vulnerable or risky a certain code deployment may beincreases the risk of system outages. Deploying code always includesrisks for a company, and platform modernization is a continuous process.A technology shift is a big event for any product, and entails a largerisk and opportunity for a software company. When performing suchoperations, there is a great need to ensure that code is refactored inthe most vulnerable areas and that a correct test framework is in placebefore starting a transition to newly deployed code.

Additionally, software companies have been struggling to apply rules forwhat changes are allowed in certain releases to avoid outages, and thisprocess is rules based and/or manually subjective. Outages and/orincidents cost companies money in service-level agreement payouts, butmore importantly, wastes time for personnel via rework, and may riskadversely affecting a company's reputation with its customers. Highestcosts are attributed to bugs reaching production, including a rippleeffect and a direct cost on all downstream teams. Also, after amodification has been deployed, an incident team may waste timedetermining what caused a change in performance of a system.

The present disclosure is directed to overcoming one or more of theseabove-referenced challenges.

SUMMARY OF THE DISCLOSURE

According to certain aspects of the disclosure, systems and methods aredisclosed for training and using a machine-learning based model toreduce and troubleshoot incidents in a system and, more particularly, totraining and using a machine-learning based model to determine a risklevel for a proposed modification to a system.

An embodiment of the disclosure may be a method for training amachine-learning based model, the method comprising, performing by oneor more processors, operations including: receiving first metadataregarding a previous modification to a system; extracting a firstfeature from the received first metadata; receiving second metadataregarding a previous incident related to the previous modificationoccurring in the system; extracting a second feature from the receivedsecond metadata; training the machine-learning based model to learn anassociation between the previous modification and the previous incidentrelated to the previous modification, based on the extracted firstfeature and the extracted second feature; and automatically determininga risk level for the previous modification based on the extracted firstfeature, by using the trained machine-learning based model, based on thelearned association between the previous modification and the previousincident related to the previous modification.

An embodiment of the disclosure may be a method for determining a risklevel for a proposed modification to a system, the method comprising,performing by one or more processors, operations including: receivingmetadata regarding the proposed modification to the system; extracting afeature from the received metadata, the extracted feature correspondingto a feature of a trained machine-learning based model for determiningthe risk level for the proposed modification based on a learnedassociation between the extracted feature and an incident occurring inthe system; and automatically determining the risk level for theproposed modification based on the extracted feature, by using thetrained machine-learning based model that was trained based on a firstfeature extracted from metadata regarding a previous modification to thesystem and a second feature extracted from metadata regarding a previousincident related to the previous modification occurring in the system,based on the learned association between the extracted feature and theincident occurring in the system.

An embodiment of the disclosure may be a computer-implemented system fordetermining a risk level for a proposed modification to a system, thesystem comprising: a memory to store instructions; and a processor toexecute the stored instructions to perform operations including:receiving metadata regarding the proposed modification to the system;extracting a feature from the received metadata, the extracted featurecorresponding to a feature of a trained machine-learning based model fordetermining the risk level for the proposed modification based on alearned association between the extracted feature and an incidentoccurring in the system; and automatically determining the risk levelfor the proposed modification based on the extracted feature, by usingthe trained machine-learning based model that was trained based on afirst feature extracted from metadata regarding a previous modificationto the system and a second feature extracted from metadata regarding aprevious incident related to the previous modification occurring in thesystem, based on the learned association between the extracted featureand the incident occurring in the system.

Additional objects and advantages of the disclosed embodiments will beset forth in part in the description that follows, and in part will beapparent from the description, or may be learned by practice of thedisclosed embodiments. The objects and advantages of the disclosedembodiments will be realized and attained by means of the elements andcombinations particularly pointed out in the appended claims.

As will be apparent from the embodiments below, an advantage to thedisclosed systems and methods is that the disclosed systems and methodsprovide an end-to-end approach to incidents, as compared to currentisolated improvements per department, which will lead to increasedcommunication and focus on common problems. The disclosed systems andmethods provides a solution for all departments in a company to supplydata to be commonly available for insights to all departments. As aresult, a team may take actions such as extra testing, extra staffduring hardware and/or software deployment, and provide directions forrefactoring code, for example.

For example, the disclosed systems and methods may provide intelligentalerts along the DevOps loop to mitigate incidents, reduce developmentbugs, and identify risks proactively in real-time. The disclosed systemsand methods may be integrated with code repositories to alert developerswhen critical code segments are modified or provide auto-approve forless critical code segments, which will reduce long-term developmentmaintenance. The disclosed systems and methods may be integrated withdeployment and configuration management platforms to alert operationsand service delivery personnel when configuration items are modified orauto-approve non-critical changes. The disclosed systems and methods maybe used in test-automation, which may reduce time to release. Thedisclosed systems and methods may be used with incident management toalert incident handlers about potentially code-related or change-relatedincidents and provide valuable information to improve speed ofresolution.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory onlyand are not restrictive of the disclosed embodiments, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, illustrate various exemplary embodiments andtogether with the description, serve to explain the principles of thedisclosed embodiments.

FIG. 1 depicts an exemplary system overview for risk aware softwaredevelopment and information technology operations (DevOps) using machinelearning techniques, according to one or more embodiments.

FIG. 2 depicts a flowchart of a method of training a machine-learningbased model, according to one or more embodiments.

FIG. 3 depicts a flowchart of a method for determining a risk level fora proposed modification to a system, according to one or moreembodiments.

FIG. 4 depicts a flowchart of a method for determining a risk level fora proposed modification to code of a software component of a system,according to one or more embodiments.

FIG. 5 illustrates an implementation of a general computer system thatmay execute techniques presented herein.

DETAILED DESCRIPTION OF EMBODIMENTS

The present disclosure relates to methods and systems for training andusing a machine-learning based model to reduce and troubleshootincidents in a system and, more particularly, to training and using amachine-learning based model to determine a risk level for a proposedmodification to a system.

The subject matter of the present disclosure will now be described morefully with reference to the accompanying drawings that show, by way ofillustration, specific exemplary embodiments. An embodiment orimplementation described herein as “exemplary” is not to be construed aspreferred or advantageous, for example, over other embodiments orimplementations; rather, it is intended to reflect or indicate that theembodiment(s) is/are “example” embodiment(s). Subject matter may beembodied in a variety of different forms and, therefore, covered orclaimed subject matter is intended to be construed as not being limitedto any exemplary embodiments set forth herein; exemplary embodiments areprovided merely to be illustrative. Likewise, a reasonably broad scopefor claimed or covered subject matter is intended. Among other things,for example, subject matter may be embodied as methods, devices,components, or systems. Accordingly, embodiments may, for example, takethe form of hardware, software, firmware or any combination thereof(other than software per se). The following detailed description is,therefore, not intended to be taken in a limiting sense.

Throughout the specification and claims, terms may have nuanced meaningssuggested or implied in context beyond an explicitly stated meaning.Likewise, the phrase “in one embodiment” as used herein does notnecessarily refer to the same embodiment and the phrase “in anotherembodiment” as used herein does not necessarily refer to a differentembodiment. It is intended, for example, that claimed subject matterinclude combinations of exemplary embodiments in whole or in part.

The terminology used below may be interpreted in its broadest reasonablemanner, even though it is being used in conjunction with a detaileddescription of certain specific examples of the present disclosure.Indeed, certain terms may even be emphasized below; however, anyterminology intended to be interpreted in any restricted manner will beovertly and specifically defined as such in this Detailed Descriptionsection.

FIG. 1 depicts an exemplary system overview for risk aware softwaredevelopment and information technology operations (DevOps) using machinelearning techniques, according to one or more embodiments.

As shown in FIG. 1 , a Risk Aware System 100 may receive informationover network 670 from DevOps System 190. DevOps System 190 may includeat least one of an intake system 191, a development system 192, arelease system 193, a deployment system 194, or an incident reportingsystem 195. The Risk Aware System 100 may use machine learningtechniques to analyze the received information and display informationon display 610.

As an example, when a potential code segment upgrade is submitted into asystem for approval, an API may be triggered to send metadata associatedwith the code segment to the AI engine residing in the cloud, whichanalyzes the metadata using a trained model, and may provide an alertand/or risk rating to a UI.

Here, the API may be exposed in a Cloud Environment Service andintegrated/called from the DevOps system or code repository when newcode would be checked in to the repository. Generally, code may becentrally organized in a managed/protected code repository. Metadata maybe part of the “code commit”. A file is changed by a developer and thencommitted and pushed into the central repository. The code repositorytracks metadata of the commit such as user-name, file change, exact codemodified/added/removed, dependencies of the code, timestamp, and reasonfor code change, for example. Metadata may be different across coderepository platforms, but generally consists of the same core fields.The system includes the code repository (database) and also an“analytics database” that would be leveraged for visualization/UIdisplay. In a real-time solution, each code update would trigger eitheran update to that analytics database directly or have a daily/weeklybatch up.

One of the machine learning techniques that may be useful and effectivefor the analysis is a neural network, which is a type of supervisedmachine learning. Nonetheless, it should be noted that other machinelearning techniques and frameworks may be used to perform the methodscontemplated by the present disclosure. For example, the systems andmethods may be realized using other types of supervised machine learningsuch as regression problems, random forest, etc., using unsupervisedmachine learning such as cluster algorithms, principal componentanalysis (PCA), etc., and/or using reinforcement learning.

The displayed information may include a determined risk level 121 for afirst product in DevOps System 190, a determined risk level 122 for asecond product in DevOps System 190, and a determined risk level 123 fora third product in DevOps System 190. The displayed information may alsoinclude specific alerts, e.g., an alert 131 and alert 132. Alert 131 mayprovide a first alert identifying, for example, a first proposedmodification to DevOps System 190, may provide a first suggested actionfor reducing, for example, the determined risk level for the firstproposed modification to the DevOps System 190, and may provide thedetermined risk level as a first score from 0 to 100. Alert 132 mayprovide a second alert identifying, for example, a second proposedmodification to DevOps System 190, may provide a second suggested actionfor reducing, for example, the determined risk level for the secondproposed modification to the DevOps System 190, and may provide thedetermined risk level as a second score from 0 to 100. The first andsecond proposed modifications may include at least one of a modificationof a hardware component or a software component of DevOps System 190.

FIG. 2 depicts a flowchart of a method 200 for training amachine-learning based model, according to one or more embodiments.

As shown in FIG. 2 , in operation 210, the Risk Aware System 100 mayreceive first metadata regarding a previous modification to DevOpsSystem 190, and in operation 220, may extract a first feature from thereceived first metadata. In operation 230, the Risk Aware System 100 mayreceive second metadata regarding a previous incident related to theprevious modification occurring in the DevOps System 190, and inoperation 240, may extract a second feature from the received secondmetadata.

As an example, the first and second metadata may be provided from adatabase including first incident reports with information for eachincident provided with an incident number, closed date/time, category,close code, close note, long description, short description, root cause,and assignment group. As an example, the first and second metadata maybe provided from a database including second incident reports withinformation for each incident provided with an issue key, description,summary, label, issue type, fix version, environment, author, andcomments. As an example, the first and second metadata may be providedfrom a database including third incident reports with information foreach incident provided with a file name, script name, script type,script description, display identifier, message, committer type,committer link, properties, file changes, and branch information. Theseare merely examples of information that may be used as metadata, and thedisclosure is not limited to these examples.

In operation 250, the Risk Aware System 100 may train themachine-learning based model to learn an association between theprevious modification and the previous incident related to the previousmodification, based on the extracted first feature and the extractedsecond feature. In operation 260, the Risk Aware System 100 mayautomatically determine a risk level for the previous modification basedon the extracted first feature, by using the trained machine-learningbased model, based on the learned association between the previousmodification and the previous incident related to the previousmodification.

Here, topic modeling, such as Latent Dirichlet Allocation or NeuralTopic Modeling, and clustering, such as Bidirectional EncoderRepresentations from Transformers or Hierarchical Density-Based SpatialClustering of Applications with Noise, for example, may be performedusing metadata from a variety of sources to create clusters.Unsupervised learning may be done for incident descriptions, resolutionnotes, issue tracking tickets, and code repository commit messages, forexample. Auto-labeling of the created clusters may be performed usingtopic modeling. The finalized clusters may be used as classes to train asupervised classifier model. Because the amount of data may be massive,various Deep Learning models such as Artificial Neural Network,Recurrent Neural Networks, and Long-Short Term Memory may be used. Usingthe final classification tags from the supervised model, an incidentjourney may be mapped. These are merely examples of a machine-learningbased model, and the disclosure is not limited to these examples.

FIG. 3 depicts a flowchart of a method 300 for determining a risk levelfor a proposed modification to a DevOps System 190, according to one ormore embodiments.

As shown in FIG. 3 , in operation 310, the Risk Aware System 100 mayreceive metadata regarding the proposed modification to the DevOpsSystem 190, and in operation 320, may extract a feature from thereceived metadata, the extracted feature corresponding to a feature of atrained machine-learning based model for determining the risk level forthe proposed modification based on a learned association between theextracted feature and an incident occurring in the DevOps System 190. Inoperation 330, the Risk Aware System 100 may automatically determine therisk level for the proposed modification based on the extracted feature,by using the trained machine-learning based model that was trained basedon a first feature extracted from metadata regarding a previousmodification to the DevOps System 190 and a second feature extractedfrom metadata regarding a previous incident related to the previousmodification occurring in the DevOps System 190, based on the learnedassociation between the extracted feature and the incident occurring inthe DevOps System 190.

The risk level may be determined using dynamic thresholds (not fixedthresholds) that can vary by application/platform/code repository andchange over time and/or by use of a multi-class (e.g. 3-class)classification model (machine-learning/statistical model based) approachthat would have more flexibility than a traditional singlevalue/dimension approach.

In operation 340, the Risk Aware System 100 may provide an alertidentifying the determined risk level for the proposed modification tothe DevOps System 190. In operation 350, the Risk Aware System 100 mayprovide a suggested action for reducing the determined risk level forthe proposed modification to the DevOps System 190. In operation 360,the Risk Aware System 100 may block the proposed modification from beingimplemented when the determined risk level is above a predeterminedthreshold. In operation 370, the Risk Aware System 100 may provide thedetermined risk level as a score from 0 to 100.

Risk Aware System 100 may provide a risk identification model that willpredict the degree of risk for every code change/commit. This may beaccomplished by using the incident journey, so that the system mayreverse engineer and identify the patterns in incoming incidents due tocode changes, by training a risk classification model that will tag thecode changes to a risk degree, and by using a threshold analysis forsetting the risk degrees such as 1.5 Interquartile Range/3 InterquartileRange and Receiver Operating Characteristic curve analysis. Thethresholds may be dynamic and specific for a particular AssignmentGroup. The model may identify risks proactively in real-time asincident, issue ticket, and script data are collected.

Risk Aware System 100 may provide a model that can proactively suggestcode changes/resolutions for incoming incidents, by building aclassification/probability prediction (for example, Multi-LayerPerceptron, Logistic Regression, or Artificial Neural Network) model toidentify whether a new incident is code change related or not. If a newincident is code change related, the incident journey may be used toidentify which part of the code that needs to be changed to fix theissue. In the code, the incident journey may identify which branch,file, or class or module should be changed.

FIG. 4 depicts a flowchart of a method 400 for determining a risk levelfor a proposed modification to code of a software component of a DevOpsSystem 190, according to one or more embodiments.

As shown in FIG. 4 , in operation 410, the Risk Aware System 100 mayreceive metadata regarding the proposed modification to code of thesoftware component of the DevOps System 190, and in operation 420, mayextract a feature from the received metadata, the extracted featurecorresponding to a feature of a trained machine-learning based model fordetermining the risk level for the proposed modification based on alearned association between the extracted feature and an incidentoccurring in the DevOps System 190. In operation 430, the Risk AwareSystem 100 may automatically determine the risk level for the proposedmodification based on the extracted feature, by using the trainedmachine-learning based model that was trained based on a first featureextracted from metadata regarding a previous modification to the DevOpsSystem 190 and a second feature extracted from metadata regarding aprevious incident related to the previous modification occurring in theDevOps System 190, based on the learned association between theextracted feature and the incident occurring in the DevOps System 190.

In operation 440, the Risk Aware System 100 may determine whether thecode is a critical code segment or a non-critical code segment. Inoperation 450, the Risk Aware System 100 may provide a suggested actionfor reducing the determined risk level for the proposed modificationwhen the code is determined to be a non-critical code segment and thedetermined risk level is above a non-critical code predeterminedthreshold. In operation 460, the Risk Aware System 100 may block theproposed modification from being implemented when the code is determinedto be a critical code segment and the determined risk level is above acritical code predetermined threshold.

FIG. 5 illustrates an implementation of a general computer system thatmay execute techniques presented herein.

Unless specifically stated otherwise, as apparent from the followingdiscussions, it is appreciated that throughout the specification,discussions utilizing terms such as “processing,” “computing,”“calculating,” “determining”, analyzing” or the like, refer to theaction and/or processes of a computer or computing system, or similarelectronic computing device, that manipulate and/or transform datarepresented as physical, such as electronic, quantities into other datasimilarly represented as physical quantities.

In a similar manner, the term “processor” may refer to any device orportion of a device that processes electronic data, e.g., from registersand/or memory to transform that electronic data into other electronicdata that, e.g., may be stored in registers and/or memory. A “computer,”a “computing machine,” a “computing platform,” a “computing device,” ora “server” may include one or more processors.

FIG. 5 illustrates an implementation of a computer system 600. Thecomputer system 600 can include a set of instructions that can beexecuted to cause the computer system 600 to perform any one or more ofthe methods or computer based functions disclosed herein. The computersystem 600 may operate as a standalone device or may be connected, e.g.,using a network, to other computer systems or peripheral devices.

In a networked deployment, the computer system 600 may operate in thecapacity of a server or as a client user computer in a server-clientuser network environment, or as a peer computer system in a peer-to-peer(or distributed) network environment. The computer system 600 can alsobe implemented as or incorporated into various devices, such as apersonal computer (PC), a tablet PC, a set-top box (STB), a personaldigital assistant (PDA), a mobile device, a palmtop computer, a laptopcomputer, a desktop computer, a communications device, a wirelesstelephone, a land-line telephone, a control system, a camera, a scanner,a facsimile machine, a printer, a pager, a personal trusted device, aweb appliance, a network router, switch or bridge, or any other machinecapable of executing a set of instructions (sequential or otherwise)that specify actions to be taken by that machine. In a particularimplementation, the computer system 600 can be implemented usingelectronic devices that provide voice, video, or data communication.Further, while a computer system 600 is illustrated as a single system,the term “system” shall also be taken to include any collection ofsystems or sub-systems that individually or jointly execute a set, ormultiple sets, of instructions to perform one or more computerfunctions.

As illustrated in FIG. 5 , the computer system 600 may include aprocessor 602, e.g., a central processing unit (CPU), a graphicsprocessing unit (GPU), or both. The processor 602 may be a component ina variety of systems. For example, the processor 602 may be part of astandard personal computer or a workstation. The processor 602 may beone or more general processors, digital signal processors, applicationspecific integrated circuits, field programmable gate arrays, servers,networks, digital circuits, analog circuits, combinations thereof, orother now known or later developed devices for analyzing and processingdata. The processor 602 may implement a software program, such as codegenerated manually (i.e., programmed).

The computer system 600 may include a memory 604 that can communicatevia a bus 608. The memory 604 may be a main memory, a static memory, ora dynamic memory. The memory 604 may include, but is not limited tocomputer readable storage media such as various types of volatile andnon-volatile storage media, including but not limited to random accessmemory, read-only memory, programmable read-only memory, electricallyprogrammable read-only memory, electrically erasable read-only memory,flash memory, magnetic tape or disk, optical media and the like. In oneimplementation, the memory 604 includes a cache or random-access memoryfor the processor 602. In alternative implementations, the memory 604 isseparate from the processor 602, such as a cache memory of a processor,the system memory, or other memory. The memory 604 may be an externalstorage device or database for storing data. Examples include a harddrive, compact disc (“CD”), digital video disc (“DVD”), memory card,memory stick, floppy disc, universal serial bus (“USB”) memory device,or any other device operative to store data. The memory 604 is operableto store instructions executable by the processor 602. The functions,acts or tasks illustrated in the figures or described herein may beperformed by the processor 602 executing the instructions stored in thememory 604. The functions, acts or tasks are independent of theparticular type of instructions set, storage media, processor orprocessing strategy and may be performed by software, hardware,integrated circuits, firm-ware, micro-code and the like, operating aloneor in combination. Likewise, processing strategies may includemultiprocessing, multitasking, parallel processing and the like.

As shown, the computer system 600 may further include a display 610,such as a liquid crystal display (LCD), an organic light emitting diode(OLED), a flat panel display, a solid-state display, a cathode ray tube(CRT), a projector, a printer or other now known or later developeddisplay device for outputting determined information. The display 610may act as an interface for the user to see the functioning of theprocessor 602, or specifically as an interface with the software storedin the memory 604 or in the drive unit 606.

Additionally or alternatively, the computer system 600 may include aninput device 612 configured to allow a user to interact with any of thecomponents of computer system 600. The input device 612 may be a numberpad, a keyboard, or a cursor control device, such as a mouse, or ajoystick, touch screen display, remote control, or any other deviceoperative to interact with the computer system 600.

The computer system 600 may also or alternatively include drive unit 606implemented as a disk or optical drive. The drive unit 606 may include acomputer-readable medium 622 in which one or more sets of instructions624, e.g. software, can be embedded. Further, the instructions 624 mayembody one or more of the methods or logic as described herein. Theinstructions 624 may reside completely or partially within the memory604 and/or within the processor 602 during execution by the computersystem 600. The memory 604 and the processor 602 also may includecomputer-readable media as discussed above.

In some systems, a computer-readable medium 622 includes instructions624 or receives and executes instructions 624 responsive to a propagatedsignal so that a device connected to a network 670 can communicatevoice, video, audio, images, or any other data over the network 670.Further, the instructions 624 may be transmitted or received over thenetwork 670 via a communication port or interface 620, and/or using abus 608. The communication port or interface 620 may be a part of theprocessor 602 or may be a separate component. The communication port orinterface 620 may be created in software or may be a physical connectionin hardware. The communication port or interface 620 may be configuredto connect with a network 670, external media, the display 610, or anyother components in computer system 600, or combinations thereof. Theconnection with the network 670 may be a physical connection, such as awired Ethernet connection or may be established wirelessly as discussedbelow. Likewise, the additional connections with other components of thecomputer system 600 may be physical connections or may be establishedwirelessly. The network 670 may alternatively be directly connected to abus 608.

While the computer-readable medium 622 is shown to be a single medium,the term “computer-readable medium” may include a single medium ormultiple media, such as a centralized or distributed database, and/orassociated caches and servers that store one or more sets ofinstructions. The term “computer-readable medium” may also include anymedium that is capable of storing, encoding, or carrying a set ofinstructions for execution by a processor or that cause a computersystem to perform any one or more of the methods or operations disclosedherein. The computer-readable medium 622 may be non-transitory, and maybe tangible.

The computer-readable medium 622 can include a solid-state memory suchas a memory card or other package that houses one or more non-volatileread-only memories. The computer-readable medium 622 can be arandom-access memory or other volatile re-writable memory. Additionallyor alternatively, the computer-readable medium 622 can include amagneto-optical or optical medium, such as a disk or tapes or otherstorage device to capture carrier wave signals such as a signalcommunicated over a transmission medium. A digital file attachment to ane-mail or other self-contained information archive or set of archivesmay be considered a distribution medium that is a tangible storagemedium. Accordingly, the disclosure is considered to include any one ormore of a computer-readable medium or a distribution medium and otherequivalents and successor media, in which data or instructions may bestored.

In an alternative implementation, dedicated hardware implementations,such as application specific integrated circuits, programmable logicarrays and other hardware devices, can be constructed to implement oneor more of the methods described herein. Applications that may includethe apparatus and systems of various implementations can broadly includea variety of electronic and computer systems. One or moreimplementations described herein may implement functions using two ormore specific interconnected hardware modules or devices with relatedcontrol and data signals that can be communicated between and throughthe modules, or as portions of an application-specific integratedcircuit. Accordingly, the present system encompasses software, firmware,and hardware implementations.

The computer system 600 may be connected to a network 670. The network670 may define one or more networks including wired or wirelessnetworks. The wireless network may be a cellular telephone network, an802.11, 802.16, 802.20, or WiMAX network. Further, such networks mayinclude a public network, such as the Internet, a private network, suchas an intranet, or combinations thereof, and may utilize a variety ofnetworking protocols now available or later developed including, but notlimited to TCP/IP based networking protocols. The network 670 mayinclude wide area networks (WAN), such as the Internet, local areanetworks (LAN), campus area networks, metropolitan area networks, adirect connection such as through a Universal Serial Bus (USB) port, orany other networks that may allow for data communication. The network670 may be configured to couple one computing device to anothercomputing device to enable communication of data between the devices.The network 670 may generally be enabled to employ any form ofmachine-readable media for communicating information from one device toanother. The network 670 may include communication methods by whichinformation may travel between computing devices. The network 670 may bedivided into sub-networks. The sub-networks may allow access to all ofthe other components connected thereto or the sub-networks may restrictaccess between the components. The network 670 may be regarded as apublic or private network connection and may include, for example, avirtual private network or an encryption or other security mechanismemployed over the public Internet, or the like.

In accordance with various implementations of the present disclosure,the methods described herein may be implemented by software programsexecutable by a computer system. Further, in an exemplary, non-limitedimplementation, implementations can include distributed processing,component/object distributed processing, and parallel processing.Alternatively, virtual computer system processing can be constructed toimplement one or more of the methods or functionality as describedherein.

Although the present specification describes components and functionsthat may be implemented in particular implementations with reference toparticular standards and protocols, the disclosure is not limited tosuch standards and protocols. For example, standards for Internet andother packet switched network transmission (e.g., TCP/IP, UDP/IP, HTML,HTTP) represent examples of the state of the art. Such standards areperiodically superseded by faster or more efficient equivalents havingessentially the same functions. Accordingly, replacement standards andprotocols having the same or similar functions as those disclosed hereinare considered equivalents thereof.

It will be understood that the steps of methods discussed are performedin one embodiment by an appropriate processor (or processors) of aprocessing (i.e., computer) system executing instructions(computer-readable code) stored in storage. It will also be understoodthat the disclosure is not limited to any particular implementation orprogramming technique and that the disclosure may be implemented usingany appropriate techniques for implementing the functionality describedherein. The disclosure is not limited to any particular programminglanguage or operating system.

It should be appreciated that in the above description of exemplaryembodiments of the disclosure, various features of the disclosure aresometimes grouped together in a single embodiment, figure, ordescription thereof for the purpose of streamlining the disclosure andaiding in the understanding of one or more of the various inventiveaspects. This method of disclosure, however, is not to be interpreted asreflecting an intention that the claimed disclosure requires morefeatures than are expressly recited in each claim. Rather, as thefollowing claims reflect, inventive aspects lie in less than allfeatures of a single foregoing disclosed embodiment. Thus, the claimsfollowing the Detailed Description are hereby expressly incorporatedinto this Detailed Description, with each claim standing on its own as aseparate embodiment of this disclosure.

Furthermore, while some embodiments described herein include some butnot other features included in other embodiments, combinations offeatures of different embodiments are meant to be within the scope ofthe disclosure, and form different embodiments, as would be understoodby those skilled in the art. For example, in the following claims, anyof the claimed embodiments can be used in any combination.

Furthermore, some of the embodiments are described herein as a method orcombination of elements of a method that can be implemented by aprocessor of a computer system or by other means of carrying out thefunction. Thus, a processor with the necessary instructions for carryingout such a method or element of a method forms a means for carrying outthe method or element of a method. Furthermore, an element describedherein of an apparatus embodiment is an example of a means for carryingout the function performed by the element for the purpose of carryingout the disclosure.

In the description provided herein, numerous specific details are setforth. However, it is understood that embodiments of the disclosure maybe practiced without these specific details. In other instances,well-known methods, structures and techniques have not been shown indetail in order not to obscure an understanding of this description.

Similarly, it is to be noticed that the term coupled, when used in theclaims, should not be interpreted as being limited to direct connectionsonly. The terms “coupled” and “connected,” along with their derivatives,may be used. It should be understood that these terms are not intendedas synonyms for each other. Thus, the scope of the expression a device Acoupled to a device B should not be limited to devices or systemswherein an output of device A is directly connected to an input ofdevice B. It means that there exists a path between an output of A andan input of B which may be a path including other devices or means.“Coupled” may mean that two or more elements are either in directphysical or electrical contact, or that two or more elements are not indirect contact with each other but yet still co-operate or interact witheach other.

Thus, while there has been described what are believed to be thepreferred embodiments of the disclosure, those skilled in the art willrecognize that other and further modifications may be made theretowithout departing from the spirit of the disclosure, and it is intendedto claim all such changes and modifications as falling within the scopeof the disclosure. For example, any formulas given above are merelyrepresentative of procedures that may be used. Functionality may beadded or deleted from the block diagrams and operations may beinterchanged among functional blocks. Steps may be added or deleted tomethods described within the scope of the present disclosure.

The above disclosed subject matter is to be considered illustrative, andnot restrictive, and the appended claims are intended to cover all suchmodifications, enhancements, and other implementations, which fallwithin the true spirit and scope of the present disclosure. Thus, to themaximum extent allowed by law, the scope of the present disclosure is tobe determined by the broadest permissible interpretation of thefollowing claims and their equivalents, and shall not be restricted orlimited by the foregoing detailed description. While variousimplementations of the disclosure have been described, it will beapparent to those of ordinary skill in the art that many moreimplementations and implementations are possible within the scope of thedisclosure. Accordingly, the disclosure is not to be restricted exceptin light of the attached claims and their equivalents.

What is claimed is:
 1. A method comprising, performing by one or moreprocessors, operations including: automatically determining, using atrained machine-learning based model, a risk level for a proposedmodification to a system, wherein the proposed modification includes amodification to code of a software component of the system, determiningwhether the code is a critical code segment or a non-critical codesegment, and performing at least one of: providing a suggested actionfor reducing the determined risk level for the proposed modificationwhen the code is determined to be a non-critical code segment and thedetermined risk level is above a non-critical code predeterminedthreshold, or blocking the proposed modification from being implementedwhen the code is determined to be a critical code segment and thedetermined risk level is above a critical code predetermined threshold.2. A method for determining a risk level for a proposed modification toa system, the method comprising, performing by one or more processors,operations including: receiving metadata regarding the proposedmodification to the system; extracting a feature from the receivedmetadata, the extracted feature corresponding to a feature of a trainedmachine-learning based model for determining the risk level for theproposed modification based on a learned association between theextracted feature and an incident occurring in the system; andautomatically determining the risk level for the proposed modificationbased on the extracted feature, by using the trained machine-learningbased model that was trained based on a first feature extracted frommetadata regarding a previous modification to the system and a secondfeature extracted from metadata regarding a previous incident related tothe previous modification occurring in the system, based on the learnedassociation between the extracted feature and the incident occurring inthe system, wherein the proposed modification includes a modification tocode of a software component of the system, and wherein the operationsfurther include: determining whether the code is a critical code segmentor a non-critical code segment, and performing at least one of:providing a suggested action for reducing the determined risk level forthe proposed modification when the code is determined to be anon-critical code segment and the determined risk level is above anon-critical code predetermined threshold, or blocking the proposedmodification from being implemented when the code is determined to be acritical code segment and the determined risk level is above a criticalcode predetermined threshold.
 3. The method of claim 2, wherein theoperations further include: providing an alert identifying thedetermined risk level for the proposed modification to the system. 4.The method of claim 3, wherein the providing the alert further includes:providing a suggested action for reducing the determined risk level forthe proposed modification to the system.
 5. The method of claim 3,wherein the providing the alert further includes: blocking the proposedmodification from being implemented when the determined risk level isabove a predetermined threshold.
 6. The method of claim 2, wherein theoperations further include: providing the determined risk level as ascore from 0 to
 100. 7. The method of claim 2, wherein the systemincludes at least one of an intake system, a development system, arelease system, a deployment system, or an incident reporting system. 8.The method of claim 2, wherein the proposed modification includes atleast one of a modification of a hardware component of the system or amodification of a software component of the system.
 9. The method ofclaim 2, wherein the operations are performed by using one or moreApplication Programming Interface (API) interactions.
 10. Anon-transitory computer readable medium storing instructions that, whenexecuted by one or more processors, cause the one or more processors toperform the method of claim
 2. 11. A computer-implemented system fordetermining a risk level for a proposed modification to a system, thecomputer-implemented system comprising: a memory to store instructions;and a processor to execute the stored instructions to perform operationsincluding: receiving metadata regarding the proposed modification to thesystem; extracting a feature from the received metadata, the extractedfeature corresponding to a feature of a trained machine-learning basedmodel for determining the risk level for the proposed modification basedon a learned association between the extracted feature and an incidentoccurring in the system; and automatically determining the risk levelfor the proposed modification based on the extracted feature, by usingthe trained machine-learning based model that was trained based on afirst feature extracted from metadata regarding a previous modificationto the system and a second feature extracted from metadata regarding aprevious incident related to the previous modification occurring in thesystem, based on the learned association between the extracted featureand the incident occurring in the system, wherein the proposedmodification includes a modification to code of a software component ofthe system, and wherein the operations further include: determiningwhether the code is a critical code segment or a non-critical codesegment, and performing at least one of: providing a suggested actionfor reducing the determined risk level for the proposed modificationwhen the code is determined to be a non-critical code segment and thedetermined risk level is above a non-critical code predeterminedthreshold, or blocking the proposed modification from being implementedwhen the code is determined to be a critical code segment and thedetermined risk level is above a critical code predetermined threshold.12. The computer-implemented system of claim 11, wherein the operationsfurther include: providing an alert identifying the determined risklevel for the proposed modification to the system.
 13. Thecomputer-implemented system of claim 12, wherein the providing the alertfurther includes: providing a suggested action for reducing thedetermined risk level for the proposed modification to the system. 14.The computer-implemented system of claim 12, wherein the providing thealert further includes: blocking the proposed modification from beingimplemented when the determined risk level is above a predeterminedthreshold.
 15. The computer-implemented system of claim 11, wherein theoperations further include: providing the determined risk level as ascore from 0 to
 100. 16. The computer-implemented system of claim 11,wherein the system includes at least one of an intake system, adevelopment system, a release system, a deployment system, or anincident reporting system.
 17. The computer-implemented system of claim11, wherein the proposed modification includes at least one of amodification of a hardware component of the system or a modification ofa software component of the system.
 18. The computer-implemented systemof claim 11, wherein the operations are performed by using one or moreApplication Programming Interface (API) interactions.